Building a digital trusted foundation in the cloud

Businesses have been propelled into the “low touch, high tech” economy, due to the global pandemic, which has put even greater emphasis on the word trust when it comes to the cloud, availability, confidentiality and integrity of our data.

With the business criticality of digital trust growing, 55% of European spending on security services will be devoted to developing, implementing and maintaining a “trust framework” by mid 2023, according to IDC. A cloud ecosystem with a trusted design has the capabilities to protect and secure the infrastructure and its most precious data assets.

Protecting sensitive data

Cloud is enabling innovation and new business models. And trust, the foundation on which the concept of cloud computing is built, is fundamental to their success. The problem is that when it comes to trusted solutions, there is no one size fits all, despite what many vendors will tell you.

In addition, not all data and activities in a company are sensitive. It can be estimated that around 15-20% of an organization’s data needs extra protection, unless of course they are involved in mission-critical industries, such as power, health or defense systems, which have stricter codes of security.

In addition, it must be remembered that the more protection you have, often the less flexible your solution will be. More security can make it more complex and less agile for operators to launch workloads, for example. Understanding what data is sensitive is key to an effective digital-trusted foundation that preserves competitiveness.

There is no single answer

We take the approach that there is no single answer to this conundrum. There is no single trusted cloud solution and no definite definition of what a sovereign solution means to all organizations.

Each organization has its own priorities when it comes to sensitive data, and what works for one does not necessarily work for another. There are different criteria that make up this trust, which is earned not given. We therefore see trusted cloud as much as a methodology as a solution.

As a result, we work with customers to help them build a picture of their trust criteria, so that we can bring the best trusted foundation for their specific business requirements.

Pillars for a trusted foundation

We have identified five families of criteria on which to build a trusted cloud foundation:

1) Data and regulations, including data localization and complying with laws and regulations that apply to using cloud. You need to know where your data is hosted, who is accessing it and what regulations apply, such as GDPR. Laws in different countries may mean that your cloud implementations need to be adjusted accordingly.

2) Governance and contract covers who operates the cloud services and infrastructure and how business continuity is managed. If data centers are in France, but everything is operated from the U.S., there is a big question mark about the level of data sovereignty being achieved, for example. The issue with data sovereignty is that data stored in the cloud can be subject to the jurisdiction of more than one country, which can make it increasingly complex.

3) Operations and business continuity needs to be evaluated when moving to multicloud. Multicloud environments can be large and need to be carefully orchestrated, way beyond traditional operations management principles. Successful clouds depend on effective operations management. From a continuity perspective, you need to ensure providers’ plans fit your business requirements for availability and return to service, for example. By addressing these areas, organizations can vastly improve responsiveness by establishing governance, addressing controls linked to foundational security and manage physical and environmental risks.

4) Technologies covers the cloud and application components and services your platforms and solutions are built on. Organizations are advised to seek expert advice on the cloud technologies they are using to satisfy sovereignty, especially when using third-party components. Organizations may have strong IT departments, but many lack the advanced cyberdefense and networking expertise required to build a solid digital trust foundation.

5) Services portfolio Transforming IT makes a significant impact on designing and using cloud services. It also includes modifications on how data will be structured and shared through the enterprise. A portfolio of services to support cloud transformation, including all important cloud maturity and security assessments, is central to a successful cloud deployment.

Trusted cloud foundation

Orange Business is one of very few European companies that can provide cloud infrastructure, cloud security and cloud connectivity in a trusted European cloud framework. For customers relying on Orange Business solutions, we can provide a framework that can evolve with our trusted services portfolio and can be customized for unique environments. Orange Business offers an end-to-end services portfolio to support its customers throughout the full scope of their cloud ambitions.

Orange is also a founding member of Gaia-X, a joint French and German initiative (now expanding to many of the EU member states) that aims to create a European ecosystem of cloud, high-performance computing and data services governed by European data laws and values. Technical implementations are already ongoing, with a first focus on federated identity and trust mechanisms and sovereign data services.

Trusted solutions will differ

There is no one universal trusted solution that will tick all the boxes. Organizations need to choose the most important criteria for them, and we design and source the best solutions available in terms of trusted infrastructures and trusted end-to-end services.

Organizations also need to look at these pillars in association with professional services, which includes expertise, technical training and support, managed services covering outsourcing and platform as a service (PaaS) as well as cloud infrastructure.

As organizations move further forward in their cloud maturity journey, digital trust in services is becoming more important. Trust is essential in driving new revenue streams and building customer relationships.

Re-visiting your trust model

Building a digital trusted foundation isn’t a one-off project to create and forget either. The cloud landscape is changing. You need to re-visit it regularly and have dynamic cloud solution portfolios in place when adding new functionalities and updates to protect data and assets.

As such, it is important to have a trusted foundation that evolves at the same pace as your public cloud. If you can’t achieve this, you will eventually see cracks appear in your trusted digital foundation. Cloud Native and DevOps, for example, must rely on a trusted infrastructure that supports containers.

Taking the first trusted step

Trust isn’t something that can be put in as an afterthought. A digital trusted foundation should be at the top of any organization’s multicloud agenda. Once it is in place, organizations can talk to different providers to find out which solutions fit best into their overarching trust strategy. Without it, organizations will struggle to survive and tap into opportunities the “low touch, high tech” economy offers.

Find out how an energy company is trailblazing by harnessing the power of secure and trusted cloud as a focus for transformation, digitized processes and innovation, and connecting its global operations.

Cédric Prévost
Cédric Prévost

As a graduate engineer of École Polytechnique, I worked in the public sector for ten years in technical architecture and security within the Ministry of Defense. Following my position as CIO of the French Government from 2007 to 2011, I am now Marketing Director for Trusted Cloud Solutions at Orange Business.